Class: Google::Apis::CloudresourcemanagerV1::OrgPolicy

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
generated/google/apis/cloudresourcemanager_v1/classes.rb,
generated/google/apis/cloudresourcemanager_v1/representations.rb,
generated/google/apis/cloudresourcemanager_v1/representations.rb

Overview

Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ OrgPolicy

Returns a new instance of OrgPolicy.



1385
1386
1387
 
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1385

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#boolean_policyGoogle::Apis::CloudresourcemanagerV1::BooleanPolicy

Used in policy_type to specify how boolean_policy will behave at this resource. Corresponds to the JSON property booleanPolicy

Returns:



1315
1316
1317
 
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1315

def boolean_policy
  @boolean_policy
end

#constraintString

The name of the Constraint the Policy is configuring, for example, constraints/serviceuser.services. A list of available constraints is available. Immutable after creation. Corresponds to the JSON property constraint

Returns:

  • (String) 


1323
1324
1325
 
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1323

def constraint
  @constraint
end

#etagString

An opaque tag indicating the current version of the Policy, used for concurrency control. When the Policy is returned from either a GetPolicy or a ListOrgPolicy request, this etag indicates the version of the current Policy to use when executing a read-modify-write loop. When the Policy is returned from a GetEffectivePolicy request, the etag will be unset. When the Policy is used in a SetOrgPolicy method, use the etag value that was returned from a GetOrgPolicy request as part of a read-modify-write loop for concurrency control. Not setting the etagin a SetOrgPolicy request will result in an unconditional write of the Policy. Corresponds to the JSON property etag NOTE: Values are automatically base64 encoded/decoded in the client library.

Returns:

  • (String) 


1337
1338
1339
 
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1337

def etag
  @etag
end

#list_policyGoogle::Apis::CloudresourcemanagerV1::ListPolicy

Used in policy_type to specify how list_policy behaves at this resource. ListPolicy can define specific values and subtrees of Cloud Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied by setting the allowed_values and denied_values fields. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The supports_under field of the associated Constraint defines whether ancestry prefixes can be used. You can set allowed_values and denied_values in the same Policy if all_values is ALL_VALUES_UNSPECIFIED. ALLOW or DENY are used to allow or deny all values. If all_values is set to either ALLOW or DENY, allowed_values and denied_values must be unset. Corresponds to the JSON property listPolicy

Returns:



1357
1358
1359
 
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1357

def list_policy
  @list_policy
end

#restore_defaultGoogle::Apis::CloudresourcemanagerV1::RestoreDefault

Ignores policies set above this resource and restores the constraint_default enforcement behavior of the specific Constraint at this resource. Suppose that constraint_default is set to ALLOW for the Constraint constraints/ serviceuser.services. Suppose that organization foo.com sets a Policy at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a Policy with the policy_type restore_default on several experimental projects, restoring the constraint_default enforcement of the Constraint for only those projects, allowing those projects to have all services activated. Corresponds to the JSON property restoreDefault

Returns:



1370
1371
1372
 
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1370

def restore_default
  @restore_default
end

#update_timeString

The time stamp the Policy was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to SetOrgPolicy was made for that Policy. Any value set by the client will be ignored. Corresponds to the JSON property updateTime

Returns:

  • (String) 


1378
1379
1380
 
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1378

def update_time
  @update_time
end

#versionFixnum

Version of the Policy. Default version is 0; Corresponds to the JSON property version

Returns:

  • (Fixnum) 


1383
1384
1385
 
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1383

def version
  @version
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



1390
1391
1392
1393
1394
1395
1396
1397
1398
 
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1390

def update!(**args)
  @boolean_policy = args[:boolean_policy] if args.key?(:boolean_policy)
  @constraint = args[:constraint] if args.key?(:constraint)
  @etag = args[:etag] if args.key?(:etag)
  @list_policy = args[:list_policy] if args.key?(:list_policy)
  @restore_default = args[:restore_default] if args.key?(:restore_default)
  @update_time = args[:update_time] if args.key?(:update_time)
  @version = args[:version] if args.key?(:version)
end